Conflicting messages arise in debate over site security

Maintaining good personal Internet security practices can help keep internal data safe from harm, but even if a company has a strong firewall and updated security software, there is still a possibility that visiting an infected website can leave an unwelcome signature on a PC or Mac. Recent studies have shown differing pictures of the Internet landscape, with some pointing to enhanced online client precautions and others citing an increased number of holes in server security.

Learning how to trust

Most companies have some sort of PCI scanning requirement for their services in order to make sure Internet security is intact. However, a study by TrustGuard indicates that these organizations' IT personnel either don't know how to operate the systems properly or are simply ignoring the protocol.

The recent survey found that nine out of 10 web pages had staggering vulnerabilities that would allow hackers to easily gain administrator-level access. Once within the site's infrastructure, the hacker could easily implant the site with malware and other viruses. Any user subsequently viewing the site would run the risk of being infected with these programs, even if both the hosting company and the visiting PC were protected with security software.

"Think of the millions of sites online," said TrustGuard CEO David Brandley in an interview with the Sacramento Bee. "A vast majority of them, according to our scanning statistics, have serious vulnerabilities. It's dangerous, it's ultimately jeopardizing the site owners' businesses, and it's just unacceptable."

A mixed message

Forbes also recently reported on a similar study by WhiteHat that showed very different results. One key difference in the kinds of sites featured may hold the answer to the discrepancy.

The WhiteHat results showed that over the last five years the number of gaps in site security has decreased drastically. Of the 7,000 sites WhiteHat tested, the majority had fewer than 80 loopholes on average, a reduction of two-thirds from last year's 230 total per site. While these sites may only make up a small sample of the entire Internet, the designers were careful to select pages from a variety of different sectors. By using financial, retail, banking and healthcare sources, the researchers were able to gather a better picture of the threats currently present online.

Moving toward a better future

One of the major differences between the WhiteHat and TrustGuard studies was the age of the sites used. While the former used more new sites, the latter was careful to test subjects from all areas of the web. This might make TrustGuard's data more comprehensive as an overall snapshot of Internet security, but WhiteHat's study suggests that newer developers are being more careful when it comes to site construction.

"Websites are getting less vulnerable," said WhiteHat chief technology officer Jeremiah Grossman in a Forbes interview. "We're seeing newer websites that are more secure than their older cousins. It seems like the pressure the bad guys are putting on [IT personnel] is giving them the motivation to do something about it."

While sites like Facebook and providers such as Microsoft and Apple move toward user-level data security with better passwords and other safeguards, the best practice is always to build security from the inside out.